The user inputs a disease and the SQL is supposed to return all patient details who have the disease. But i'm getting the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1
SQL Query is as shown below. Please help me to debug it.
SELECT patient_personal_details.patient_id,
patient_personal_details.first_name,
patient_personal_details.last_name,
patient_personal_details.gender,
patient_personal_details.occupation,
patient_personal_details.marital_status
FROM patient_personal_details
INNER JOIN patient_medical_details
ON patient_personal_details.patient_id = patient_medical_details.patient_id
WHERE patient_medical_details.disease = ?
Here's the code:
public JTable getAllPatientsByDisease(String disease)throws RemoteException{
JTable table = null;
try{
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost/hospital_database","root","");
String sql = " SELECT patient_personal_details.patient_id, patient_personal_details.first_name, patient_personal_details.last_name, patient_personal_details.gender, patient_personal_details.occupation, patient_personal_details.marital_status FROM patient_personal_details "
+ " INNER JOIN patient_medical_details "
+ " ON patient_personal_details.patient_id = patient_medical_details.patient_id "
+ " WHERE patient_medical_details.disease = ? ";
PreparedStatement ps = con.prepareStatement(sql);
ps.setString(1, disease);
ResultSet rs = ps.executeQuery(sql);
table = new JTable(buildTableModel(rs));
}
catch(SQLException | ClassNotFoundException e){
System.out.println("Error: "+e);
}
return table;
}
Updated Answer : (now we have the code)
The problem is here:
ResultSet rs = ps.executeQuery(sql);
// ----------------------------^^^
Remove the sql
, just use:
ResultSet rs = ps.executeQuery();
By specifying the SQL as an argument, you were using Statement#executeQuery
, not PreparedStatement#executeQuery
. Statement#executeQuery
uses the SQL string literally, without substituting in the parameters (basically as though you'd not called setString
). (And yes, it's not a fantastic design decision by the JDBC folks.)
Original Answer :
The key bit of that error message is "...near '?'" That tells us that you never set a value to be substituted into the query at that point, and so the ? was used literally.
You need to use setString
(if the "disease" column is a textual column) or setInt
, etc., to set the parameters for the query. Eg:
PreparedStatement ps = connection.prepareStatement("SELECT ... WHERE patient_medical_details.disease = ?");
ps.setString(1, "arachnophobia"); // <===
ResultSet rs = ps.executeQuery();
The parameters are numbered (somewhat surprisingly) starting with 1 for the first ?
, 2 for the second, etc.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.